IT Governance backs urgent need for Cyber Essentials Scheme launched today by HM Government and CREST


Ely, England, 05 June 2014 – IT Governance, the fast-growing cyber security provider, has announced that it will be giving strong backing and practical support to the UK Government’s Cyber Essentials Scheme in the form of consultancy services, a Cyber Essentials Foundation training course, a Cyber Essentials implementation guide, a Cyber Essentials toolkit and a Cyber Essentials events programme. The Cyber Essentials Scheme was launched on Thursday, 5 June 2014.


A strong cyber security posture is an absolute requirement to protect organisations’ confidential data assets - and reputations - from new emerging threats such as the recent Gameover Zeus malware attack. The Cyber Essentials Scheme recognises that not all organisations are able to invest in the most rigorous levels of cyber security, and provides a baseline for cyber security in the UK for all organisations.

Alan Calder, Founder and Executive Chairman of IT Governance, says, “The Cyber Essentials Scheme will play an important role in creating a baseline of cyber security measures for British organisations. We welcome the fact that the five security controls set by the scheme can be mapped to ISO27001, the international information security management Standard.”

From October 1, the government will require all suppliers bidding for certain personal and sensitive contracts to be Cyber Essentials certified. This will provide further protection for the information that the government handles and will encourage wider adoption of the new scheme, according to BIS.

The Scheme has changed shape since the consultation documents were circulated earlier this year. There are now only two levels - Cyber Essentials and Cyber Essentials Plus - where previously there were three. Cyber Essentials (Level 1) will require external vulnerability assessments and a self-assessment, and Cyber Essentials Plus (Level 2) will include a more thorough assessment from a certifying body. Organisations must complete Cyber Essentials before achieving certification to Cyber Essentials Plus.

In order to receive the Cyber Essentials or Cyber Essentials Plus badge, companies have to carry out either a self-assessment, which is then independently verified by a certification body, or undergo a more detailed internal assessment by a certification body.

CREST, an approved accreditation body under the UK Government Cyber Essentials scheme, certifies its member companies to provide required Cyber Essentials services such as vulnerability assessments. As a CREST member company that provides penetration testing and vulnerability assessment services, IT Governance is certified to provide Cyber Essentials services according to CREST.

IT Governance is currently working towards the mandatory additional assessments required to become a certification body for the Cyber Essentials Scheme and is also working to becoming certified to Cyber Essentials Plus itself.

By appointing a CREST member company, organisations can rest assured that they are procuring cyber security services from a trusted, certified company that employs professional, ethical and highly technically competent individuals.

Organisations that might be daunted by the baseline security requirements of the Cyber Essentials Scheme should take advantage of IT Governance’s years of experience helping organisations of all sizes achieve certification to information security and cyber security standards. IT Governance will be able to assist organisations through a variety of offerings, suitable for the budgets of all sizes. More information is available on our Cyber Essentials Scheme information page:

Following today’s launch, IT Governance is hosting the first Cyber Essentials event, 'Cyber Essentials – The UK Government Scheme to improve cyber security', on 24 June 2014 at No.2 Royal Mint Court in London. Places – which are selling fast - can be booked at an early-bird rate until 13 June here:

This website uses cookies. View our cookie policy